Samba: How to Disable LAN Samba Server Discovery

Question

I am trying to hide my Samba server from my LAN completely but am unable to do so. I managed to hide the folders but not the server itself. What I mean is this, when I open Finder on my Mac there is a list of Shared networks, my Raspberry Pi is listed there as RASPBERRY. <-- I'd assume that's the NetBIOS name.

I read that I have to disable the nmbd server on the samba server. I tried adding disable netbios = yes to my [Global] in /etc/samba/smb.conf but this did not work.

I also tried editing my rc/init scripts <- that launches the nmbd server but I get an empty file with nano editor. I guess I am doing something wrong there.

I also tried:

1) sudo systemctl stop smbd

2) sudo systemctl disable smbd

^Those two completely destroyed my Samba server, making me unable to connect at all. After reversing those commands it still did not work, luckily I had a recent backup & copied my Samba config file.

I tried other things too but all older posts are from 2011.

Can someone help me? I don't know how to do it.

Here's the source of part of my post: https://www.samba.org/samba/docs/current/man-html/nmbd.8.html

Terminal results from netstat -ln.

The answer to this is over my head I'm afraid, but it occurs to me that it might have to be dealt with in the Bonjour/Zero Config networking setup in your Mac... have you looked in that direction? Your post has got me curious though... I've just set up a Samba share on my RPi, and sometimes I see it in Finder, and sometimes I don't. I'll investigate further & post again if I learn anything. — Seamus, Jun 02 '18 at 13:00
Oh, one other thing: You're looking at Samba docs for ver 4.8, and you've probably got ver 4.5.12 on your RPi. pi@raspberrypi3b:~ $ nmbd --version Version 4.5.12-Debian — Seamus, Jun 02 '18 at 13:23
Hi, thanks for your curiosity. I used a network scanning app on my phone since my Mac doesn't always refresh Shared in Finder. My Raspberry Pi was detected with Samba turned on and undetected with Samba turned off. I don't think it has anything to do with Bonjour. The Samba server is broadcasting the Raspberry Pi's NetBIOS so it can be found by Bonjour so it must be Samba related. Yeah, the source post is old haha, I couldn't find anything updated on the Internet. I have the latest version of Samba installed, Samba version 4.5.12-Debian yep. If I find anything I'll tell you. — May, Jun 02 '18 at 16:32
Okay, sudo systemctl stop nmbd disables the NetBIOS name, that's one step further, but that was all. Now it shows the actual IP address when scanning my LAN. sudo systemctl disable smbd stops the entire Samba server. What I must look into is to disable broadcasting of the IP not the NetBIOS name. I am stuck for now. — May, Jun 02 '18 at 16:49
I may have something... do this from the cmdline after you've stopped nmbd: netstat -an | grep 137 Does it show anything? — Seamus, Jun 03 '18 at 01:02
udp 0 0 192.168.1.3:138 0.0.0.0:* <-- 137 Result
udp 0 0 192.168.1.3:137 0.0.0.0:* <--138 Result

These are the results for netstat -an | grep 137 and netstat -an | grep 138. The IP (192.168.1.3) is the IP of my Raspberry Pi. Basically without disabling and with disabling nmbd, the results stay the same. No difference noticed. — May, Jun 03 '18 at 12:58
sudo ps -e | grep nmbd shows nothing in terminal. I assume it is not running as I cannot see the NetBIOS name when scanning my LAN. — May, Jun 03 '18 at 13:57
Ach! I just noticed, you're using netstat -an , instead of netstat -ln. See man netstat for the diff, but the l option means list the active listeners. I changed that in the answer... Run that, and hopefully you'll see nothing listening — Seamus, Jun 03 '18 at 15:37
Ohh, there's actually quite a list haha, I don't know what exactly what it means but I think it's a summary of the devices that use the broadcast? Haven't been able to look into it yet. I put the information of nenstat -ln in my post. — May, Jun 03 '18 at 17:19
I'm sorry, I thought you understood that only ports 137 and 138 were needed for netstat as those are the only two ports used by netbios (thus the grep 137 & grep 138. You've listed all of the ports, and that's fine - this is what I'd expect to see. From the output you have listed, there's nothing on 137 or 138. I think you've squashed it! nmbd is disabled, and your Samba server is now "hidden" (as in not broadcasting its presence or advertising its services any longer). I think we're done. If you disagree, please let me know. — Seamus, Jun 03 '18 at 21:07
I did know that, that's why I also did 138 when you only suggested 137 haha. Just didn't know exactly how I could identify if it was disabled (now I do). I already knew that NetBIOS was disabled but the Samba server is still broadcasting my Pi's IP address on my network. It didn't solve much as it now shows '192.168.1.3' on my LAN, when I disable Samba it is not detected. — May, Jun 04 '18 at 11:34
As I mentioned in my first comment, that may have more to do with your Mac (or PC) than Samba. Bonjour has its own chatty protocol, and this is used to discover network services. There's really nothing else you can do with Samba - other than perhaps re-write its source code to disallow replies to Bonjour queries. Sorry all of this didn't help. — Seamus, Jun 04 '18 at 16:29
Ah I see, all right. If that is all I can do then I'll accept the answer. I did come a whole end after all. It actually, isn't detected on my Mac anymore! Just on my phone when I scan my LAN. Thanks for your help and patience, and you did help. — May, Jun 04 '18 at 20:10
I'd have to guess your phone scan is discovering that Samba is listening. Perhaps similar to the way a portscan is run in Nmap. I've not run Nmap on my LAN, but I guess that you'll find TCP ports 139 and 445 and UDP ports 137 and 138 are "open". We've "shushed" broadcasts from 137 and 138 to stop the advertisements. If you want to run Samba, I think this is all you can do. What phone app is that BTW? — Seamus, Jun 04 '18 at 23:48
I'll find it out someday, just need to learn more. I use: ES File Explorer Pro. On the left side is a panel with Network and LAN. If you click scan it'll start the process. — May, Jun 05 '18 at 11:12

Seamus · Accepted Answer · 2018-06-05T13:27:29.533

I hope this helps:

The Short Answer:

Add the following line in the Global section of /etc/samba/smb.conf:

disable netbios = yes
Prevent nmbd from starting at boot time with the following command:

pi@raspberrypi3b:~ $ sudo update-rc.d nmbd disable

You can verify that this disables nmbd with netstat -ln | grep 137 and netstat -ln | grep 138. Ports 137 & 138 are two ports used by netbios.

Here's how I got to the Short Answer:

pi@raspberrypi3b:~ $ sudo ps -e | grep nmbd  
6555 ?        00:00:00 nmbd 
pi@raspberrypi3b:~ $ netstat -ln | grep 137 
udp        0      0 192.168.1.255:137       0.0.0.0:*
udp        0      0 192.168.1.27:137        0.0.0.0:*                          
udp        0      0 192.168.1.255:137       0.0.0.0:*                 
udp        0      0 192.168.1.28:137        0.0.0.0:*                 
udp        0      0 0.0.0.0:137             0.0.0.0:*

pi@raspberrypi3b:~ $ netstat -ln | grep 138 
udp        0      0 192.168.1.255:138       0.0.0.0:*  
udp        0      0 192.168.1.27:138        0.0.0.0:*                          
udp        0      0 192.168.1.255:138       0.0.0.0:*                 
udp        0      0 192.168.1.28:138        0.0.0.0:*                 
udp        0      0 0.0.0.0:138             0.0.0.0:*

These 3 commands tell us that nmbd is running under pid 6555, and that ports 137 & 138 are in use. We believe that nmbd is the user of these ports. Without knowing precisely how to disable nmbd at this point, let's determine the effect of setting the option disable netbios = yes in /etc/smb.conf. After making that change, restart samba to have it re-read smb.conf:

pi@raspberrypi3b:~ $ sudo /etc/init.d/samba restart 
[ ok ] Restarting nmbd (via systemctl): nmbd.service. 
[ ok ] Restarting smbd (via systemctl): smbd.service. 

pi@raspberrypi3b:~ $ netstat -ln | grep 137
udp        0      0 192.168.1.255:137       0.0.0.0:*                 
udp        0      0 192.168.1.27:137        0.0.0.0:*                 
udp        0      0 192.168.1.255:137       0.0.0.0:*                 
udp        0      0 192.168.1.28:137        0.0.0.0:*                 
udp        0      0 0.0.0.0:137             0.0.0.0:* 

pi@raspberrypi3b:~ $ netstat -ln | grep 138 
udp        0      0 192.168.1.255:138       0.0.0.0:*  
udp        0      0 192.168.1.27:138        0.0.0.0:*                          
udp        0      0 192.168.1.255:138       0.0.0.0:*                 
udp        0      0 192.168.1.28:138        0.0.0.0:*                 
udp        0      0 0.0.0.0:138             0.0.0.0:*

CONCLUSION: Adding the option disable netbios = yes to smb.conf doesn't stop broadcasts on ports 137 and 138. Let's stop nmbd, and determine the effect:

pi@raspberrypi3b:~ $ sudo ps -e | grep nmbd  
6555 ?        00:00:00 nmbd 
pi@raspberrypi3b:~ $ sudo kill 6555 
pi@raspberrypi3b:~ $ sudo ps -e | grep nmbd 
pi@raspberrypi3b:~ $ netstat -ln | grep 137 
pi@raspberrypi3b:~ $ netstat -ln | grep 138

CONCLUSION: Stopping nmbd stops activity on ports 137 and 138. Now, we must learn how to prevent nmbd from being started at boot time.

Where is nmbd started?

pi@raspberrypi3b:~ $ ls -l /etc/init.d | grep nmbd 
-rwxr-xr-x 1 root root 2064 Mar  5 13:30 nmbd

CONCLUSION: nmbd startup script is in /etc/init.d and therefore controlled by update-rc.d

After reading man update-rc.d and postings in other forums, it seems there is some question as to exactly how to do this; i.e. which of the following commands should be used? :

sudo update-rc.d nmbd disable

-- OR --

sudo update-rc.d -f nmbd remove

Since disable sounds less permanent than remove, try that first :)

sudo update-rc.d nmbd disable  
pi@raspberrypi3b:~ $ sudo reboot

...

Finally, let's check to make sure activity on ports 137 and 138 has been stopped, and that nmbd is not running:

pi@raspberrypi3b:~ $ sudo ps -e | grep nmbd 
pi@raspberrypi3b:~ $ netstat -ln | grep 137 
pi@raspberrypi3b:~ $ netstat -ln | grep 138 
pi@raspberrypi3b:~ $

This appears to have done the deed. Let me know if this does what you needed.

Hi, I did what you suggested:

Leave the disable netbios = yes in smb.conf in [GLOBAL] section.

sudo update-rc.d nmbd disable

sudo reboot

sudo ps -e | grep nmbd

netstat -ln | grep 137 <-- Result unix 2 [ ACC ] SEQPACKET LISTENING 13717 /var/run/bluealsa/hci0

netstat -ln | grep 137 <-- result: none.

It gave me the same outcome as sudo systemctl disable nmbd, which stops the NetBIOS broadcasting but doesn't stop the IP from doing so. Thanks for your suggestion though! — May, Jun 03 '18 at 13:09

Samba: How to Disable LAN Samba Server Discovery

1 Answers1

The Short Answer:

Here's how I got to the Short Answer: